Information Resources & Technology (IRT)

Fighting Spam

On this page...

Purveyors of unsolicited bulk mail buy and sell lists of email addresses and use them to send mass mailings pitching all sorts of products and services from the mundane to the obscene. Early Netizens took to calling it "spam" because it reminded them of the Monty Python skit where restaurant patrons choose from a menu made up exclusively of items like "Spam, spam, spam, spam, spam, baked beans and spam" and are slowly drowned out by a rising chorus of Vikings and other people chanting "spam, spam, spam, spam." over and over. Perhaps one day email spam will be relegated to the dustbin of Internet history. For now though, spam appears to have joined death and taxes on the short list of life's inevitable problems.

Good news/bad news

The bad news: Once you start getting spam, there's really no truly effective way to stop it. The best you can hope for is to keep the flow from increasing. If you're getting more spam than real email with an account, the best bet may be to change email addresses and be more careful with the new address.

The good news: There ARE things you can do to prevent or minimize the amount of spam you get, especially if you start clean and are disciplined about limiting behavior that promotes spam. The same applies when you start over with a new address.

| back to top |

Some basics

Spam exists because it's commercially profitable. Remove the profit motive and spam will evaporate.

Don't spam

Don't send spam yourself. If you send mass mailings, a joke or family holiday note for example, make sure to use the BCC field in your email program so the other addresses are hidden from recipients. Chain mail with loads of CC addresses can put these addresses in the hands of spammers.

Don't respond

Never respond to spam. Even if it says you can be removed from the list. At best you're removed from this one list. At worst, and much more likely, you confirm to the spam artists that your email address is still valid, opening the floodgates for more.

Delete unread spam

It's usually not difficult to determine what's spam just by looking at the From and Subject indicators, even before opening the mail, especially if the mail is from a stranger. Subject lines will often be sexually related, offer weight loss "miracle" drugs, or try to sell mortgage packages. With practice, you will notice which subject lines you expect from your contacts and can select and delete spam mail without opening it.

Spam filters

Numerous services and enterprises have sprung up to address the scourge of spam. Most work on some kind of filtering principle, i.e. recognizing spam sources and shunting possible spam away from your regular mail stream. At this time, no one appears to have a perfect solution, but you may find one or more useful. Here are some cutting-edge anti-spam software:

  1. Spam Sifter (PC)
    This software automatically blocks spam based on the subject lines of your email. You can also create custom filters if there's something it's not catching. The registered version is $19.95.
  2. Email Magician (Mac)
    Spam filters for the Macintosh platform are hard to come by. This filter works with Eudora and automatically blocks email based on subject lines and known spammer's email domains. The lists are completely customizable. The registered version is $35.

    Note: These links are provided as a convenience to the user and do not imply endorsement by IRT or Stanford.

Stanford provides directions for filtering incoming mail into different folders in your mail directory.

Here are some handy links to Google searches for junk email prevention and junk email to get you on your merry way to finding the filter to suit your specific needs for spamlessness.

| back to top |

Not so basic

Web listings

Is your address listed on the web anywhere? This is a key source for email lists. Spammers use software robots to scan public sites for "mailto:" links and addresses. This is a hard one, because it may be important to get your address to people with legitimate reasons for contacting you. There are some tricks you can do with JavaScript to make your address available but unreadable by robots. I suppose that as robots become more sophisticated, these tricks also become fallible. When dealing with spam, the mission is to keep one step ahead of the bad guys. Perhaps Thomas Jefferson was referring to spam (presciently) when he said, "The price of freedom is eternal vigilance."

A simple solution

One solution to this problem is to avoid listing people's contact information on your site's page, and instead linking to the person's listing in Stanford.Who. In this way, the information is accessible, but the person can control what information is available to the public, including email, phones, etc.

To do this, simply go to Stanford.Who and search out the info page for the person in question. Here's an example:

John Hennessy
(link will appear in a new window)

Here's the URL:
http://stanfordwho.stanford.edu/lookup?search=Hennessy&key=DS883L573

Note that the link format above is for the public Stanford.Who. You can also use the same technique for internal Stanford.Who, but should warn users that they need a SUNet ID. Like this:

John Hennessy
(SUNet ID required; will appear in new window)

SUNet ID holders can omit contact info that shows in the public version of Stanford.Who from the public version, although not everyone does so. What is and isn't displayed is controlled through Stanford.You (SUNet ID required).

If you have a lot of contacts to process, you may want to try a different linking technique. Use the following form for the URL:

http://stanfordwho.stanford.edu/lookup?search=Last,+First
Example: John Hennessy (link will appear in a new window)

Make sure to verify that the person is in StanfordWho before using this techniqe and always check your results to make sure you get the right person (many people have very similar names). Try this for example: William Smith (will appear in new browser window).

JavaScript to the Rescue

You can use JavaScript to hide your mailto links from SpamBots*. A number of approaches have been developed, most of which can be found in Google. Here is one approach:

A typical mailto link takes this form: Jane Crayon: jane@crayon.net

Here's the code: <b>Jane Crayon:</b> <a href="mailto:jane@crayon.net">jane@crayon.net</a>

The following two techniques break up an email address into chunks that are unitelligible to most robots but are perfectly sensible to the Web user:

Method 1:

Sample: Jane Crayon:

Code:

Simply copy the code from the box above and change the jane part to your username and the crayon.net part to your email domain (e.g. stanford.edu)

Method 2:

Sample: Jane Crayon: [jane at crayon dot net]

Code:

To make use of this technique, copy all the code from the text box above and modify it to reflect the address you wish to hide, i.e. change "ja"+"ne"+"@"+"cr"+"ay"+"on.n"+"et", in both places it occurs in the code. So, for example, somebody@stanford.edu could be rendered "some"+"body"="@"+"stan"+"ford.e"+"du"

* IRT only maintains top-level pages for the Stanford Medicine. If your address is on a Web page you don't maintain yourself, and you wish a change to your listing, you will need to contact the maintainer of the site directly.

Newsgroups

Do you use newsgroups? Newsgroups are email lists used to communicate on any topic you can imagine. Because the postings (and their sources) are typically open to the public, their use can be a major source of spam. If you post to newsgroups, you may want to set up a special email account for that purpose.

Hide behind an alternate address

You sometimes have to provide an address to subscribe to a site, use its services, or to buy something online; you don't have to give them your main address that your friends write to. It's very easy and recommended to set up a free email account you can give to web sites with the full understanding that it will likely become a hot target for spam.

The most popular free email services are Hotmail, Yahoo! Mail, and Netscape. Also check out this Google search for free email.

| back to top |

Regarding List Servers

Membership on mailing lists can result in spam, if the access to the list is not controlled. Check policies and practices carefully on non-Stanford list servers.

If you have a list on the Stanford Mailman list service, be sure to restrict posting to admins for the most restrictive posting, or to members for the least restrictive. You don't want your list to be postable by unapproved users.

| back to top |

Starting over

When you set up a new email account, try to avoid having your old account transfer email to the new address. Instead, when you're sure the new address is working, email all your active contacts your new address and ask them to update their address books. Set a date at which you'll stop responding to mail to your old address.

| back to top |

Stanford Email

Stanford email (recognizable by the @stanford.edu ending) offers some options for changing email addresses. Your email options are managed through Stanford.You (SUNet ID required). In addition to your SUNet login ID (example: jcrayon for Jane Crayon), you also get two free "aliases" (examples: jane.crayon, scribble.crayon). Leland turns these into email addresses (examples: jcrayon@stanford.edu, jane.crayon@stanford.edu and scribble.crayon@stanford.edu). Stanford.Who displays the information you have set as public, potentially including your email address(es).

It is very difficult to have your SUNet login ID changed once it's set. ITSS generally only does this when you change your legal name. But you can turn the email address that uses the login ID (jcrayon@stanford.edu in our example) off using Stanford.You. When you go through Stanford.You > Your SUNet Services Settings > Change SUNet IDs, you will find a checkbox next to your login ID. Unchecking this box turns off email to this address. You must have at least one alternate SUNet ID (also set on this page), and the alternate ID(s) are then new addresses you can use. If you're already using an alternate rather than your login ID, you can use the second alternate to create a new address and transition to it.

While you're in Stanford.You, you might want to review your privacy settings. If you don't want your email address(es) to be public, you can make it/them private. There's also a settings page for email and web addresses.

Stanford has also installed anti-spam software on its servers. Based on the content of the message, the softwae automatically identifies patterns that resemble spam. All of this occurs before you receive the message. When a message is determined to be spam, the message is sent to you with the keyword "[SPAM:###...]" appended to the beginning of the subject line. You can set up your mail program to filter such messages to a Spam folder for review before permanent deletion. For more information go to Stanford's anti-spam email page.

| back to top |

Non-Stanford Email

For personal email address changes, contact your ISP (i.e. AOL, PacBell, Delphi, etc.). AOL for example, allows you up to 7 "screen names," each with its own email address. And you can always make use of the free email services mentioned to create new addresses.

Once you have a fresh address you'll probably still get the occasional spam, but if you follow the advice above, you should be able to keep it to a manageable minimum.

| back to top |

Standing Up to the Spammers

In recent years, the spam issue has become so grave that many countries and states have passed anti-spam legislation. If a particular spammer becomes a persistant nuisance and refuses your calls to stop sending you mail, you can bring the case to court. Generally a stern threat of suit against a particular offender will solve the problem and save you court fees. In California, for example, the worst offenders can be fined up to $25,000. Check out out these sites and related articles:

| back to top |

Resources

| back to top |

Stanford Medicine Resources:

Footer Links: